Dell 745N manual Additional Security Recommendations, Maximum Security Recommendations

Apple Environments

If you are using your NAS system in an Apple environment, install the Microsoft® User Authentication Module (UAM) on the NAS system. If AppleTalk is not installed on the NAS system, client access is not encrypted. See "Services for Macintosh" for more information.

Secure Socket Layer (SSL) Certificates

SSL certificates enable Web servers and users to authenticate each other before establishing a connection to create more secure communications. See "Using Secure Sockets Layer" for information.

Microsoft Baseline Security Analyzer

Use the Microsoft Baseline Security Analyzer (MBSA) to search for any security vulnerabilities. MSSA scans Windows-based servers for common security misconfigurations. The tool scans the operating system and other installed components such as Internet Information Services (IIS). MBSA also checks systems for missing security patches, and recommends critical security patches and fixes.

Additional Security Recommendations

In addition to the practices mentioned in "Standard Security Recommendations," Dell recommends the following practices to ensure security:

•Format all volumes as NTFS.

•Disable automatic log on.

•Disable the guest account.

•Do not install IIS sample applications.

•Disable parent paths.

•Move the MSADC and Scripts virtual directories from the default website to another location.

Ensure that you place appropriate restrictions on any Anonymous Logon groups. To allow UNIX® users who do not have Windows user accounts to access resources on a system running Windows, you must explicitly add the Anonymous Logon group to the Everyone group and assign the Anonymous Group appropriate permissions. For more information, see "Server for Network File System (NFS)."

Maximum Security Recommendations

This section provides information about practices recommended for maximum security on your NAS system.

•Allow no more than two administrators on the NAS system.

•Do not allow passwords that have no expiration date.

•Enable Logon Success and Logon Failure auditing.

•Disable unnecessary services.

•Disabling unnecessary services also increases performance.

•Remove the IISADMPWD virtual directory.

•Enable application logging options for all Web and FTP sites.

•Ensure that Internet Explorer zones have secure settings for all users.

•Use the NAS system only for shares and services that are actively used.

•Disable http sharing if http shares are not used.

Disabling HTTP Shares